<?php

session_start();
require( 'util.php' );

if (!is_logged())
	report_err_and_exit( '您没有在本版发表评论的权限。' );

validate_action_post( array( 'pid', 'msg' ) );

//-----------------------------------------

require( 'db.php' );

$pid = $_POST['pid'];
$msg = mysql_real_escape_string( $_POST['msg'] );

$sql = "INSERT INTO comment (u_id, p_id, message) VALUES ({$_SESSION['u_id']}, $pid, '$msg')";
$result = mysql_query( $sql ) or report_err_and_exit( mysql_error() );

// 更新评论次数
if ($result)
{
	$sql = "UPDATE `page` SET `comment_times` =  `comment_times` + 1, `last_replied` = CURRENT_TIMESTAMP WHERE p_id = $pid";
	$result = mysql_query( $sql ) or report_err_and_exit( mysql_error() );
}

if ($result)
{
	redirect_and_exit( 'view_page.php?pid=' . $pid, '评论成功' );
}
else
{
	report_err_and_exit( '发表评论失败(' . mysql_error() . ')' );
}

?>